Could somebody please compete with Tesla

I am a Tesla fan boy. The first stock I ever bought was TSLA. And it is still my second biggest position after Bitcoin. So, of course I am delighted by the recent rally. But speculation was never the primary motivation. I only buy stocks or cryptos if I see a benefit to our society at large and sustainability. I have an important investment disadvantage in that I only invest in companies that behave ethically. This excludes most of the highly profitable big tech stocks, such as: Apple, Google, Amazon, Microsoft and Disney. My investments are long term. The TSLA market cap raced past Daimler just two months ago, and past Volkswagen last week. In the meantime it is double that of Daimler and 20% above Volkswagen. Essentially, it tripled in the past half year. Should it continue with this pace, it could become the world’s most valuable car maker before the year ends. There are analysts who predict even much higher figures. After all, Tesla’s financial charts show numbers close to exponential.
In the past, Tesla was not perceived as a threat by the old guard of car makers. At least they wouldn’t publicly admit it. Some still to this day act as if they could continue selling their pollution machines for the foreseeable future. These days, the tone has changed. Tesla is the benchmark for electric cars, and electric cars are the future.
Ever since I drove a Model S for the first time, I knew that this is the future. It is not just that driving electric is so much nicer, it is also the rest of the experience. Tesla owners are not surprised that their manufacturer leads the brand loyalty statistics. Over the years many Tesla killers were announced. All of them fell short. They have a hard time to even compete with the cars that Tesla released seven years ago. The Porsche Taycan was the first who can compete in terms of performance, but it is the least efficient electric car on the market. Meanwhile the Tesla Model 3 is the most efficient car on the market. The Audi comes close in terms of charging speed, but is almost as inefficient as the Porsche. The Hyundai comes close in terms of efficiency, but lacks in everything else. There are so many unique features where Tesla is ahead of the pack: Supercharger network, over the air updates, really good software in the car, self driving, consistently rated as best in class safety. They are pushing the bar in so many directions.
In the foreseeable future, I wouldn’t even consider another car make. All these developments are great, and it seems as if the gap would even increase. But this trajectory leads to a future that slowly starts to concern me. Monopolies are never good. There are countless examples of companies who acted benign while growing up, but turned into bullies once they were big enough to get away with it. Cory Doctorow calls it “every pirate wants to become an admiral” in his book Information doesn’t want to be free. I never met Elon, but I think he is a good guy. Nevertheless every company can rotate personnel and change direction. And Tesla customers are reliant on the company more than is usual. So far they never exploited their position, but who could assure that it never happens in the future?
On my last service visit they informed me that in the future they would only accept payments by credit cards. My last credit card expired five years ago, and I have no intentions to go back into the dark ages of pull payments. Also for supercharger usage, you only have three options: Either deposit credit card information in your Tesla account, having some free credit from referrals or the like, or having a car with unlimited lifetime free supercharging. Luckily I have the last option. Using credit cards and leaving its information everywhere can lead to unpleasant experiences like unintentionally buying upgrades. I am sure they will make it right this time, but maybe they could get away with something like this in the future.
Last year I was informed that they no longer answer the phone at the service center. They want the customers to book the appointments in the Tesla app. Too bad that this app doesn’t run on any of my phones. When a door handle stopped working two weeks ago, I faced a dilemma. I didn’t call because I was told they wouldn’t answer the phone, and the phone number was no longer displayed in the navigation screen of the car. I sent an eMail to the service center and another one to the person I had contact with the last time. Both were bounced immediately. There was no trace of the functionality to book appointments on the website. And as stated above, the app runs neither on my Librem5 nor on my UBPorts phone. So the only option left was to pay a visit in person at the service center. Luckily it is only a 10 minute deviation from my regular commute. The person told me that a ranger would call me the next day to make an appointment, and that they would answer the phone again. A week later I called to ask if they forgot me. And indeed they didn’t know anything about it. But this time the person in the service center made an appointment. Now I am looking forward to having that door handle fixed.
As long as there is competition, companies have an incentive to keep customers happy. But if your product is so much better than everything else, that incentive goes away, and bad behavior is becoming the norm. So far, there is still some competition from polluting cars, but this will diminish in the coming decade. I am not even sure if it can be considered competition. Everybody (with very few exceptions) who ever drove an electric car never wants to go back. I read from people who say they were treated by Tesla employees as if they needed to be grateful for the privilege to get such a great product. So please, traditional car makers as well as startups: Don’t let that 17 year young Californian electric car company push you out of the market. But please don’t try to hinder them with cheating and throwing rocks like in the past. Better start making products that can compete with Tesla on many levels. Competition is healthy, and having choice is good.

Update:

Having a ranger coming to fix the door handle was a next level experience. The day before the appointment, as usual I received a confirmation eMail. At about the announced time, I received a call from the ranger informing me that he is now in front of the office building. So I went down, and greeted a very sympathetic guy in a Model S with a trunk full of tool shelves. After I showed him to my car, I went up to the office to work again. When he was finished less than an hour later, he called me again on the phone. I always like to talk to the technical people. He explained to me how the design of the door handle improved so that they should no longer break like the first generation. He even confirmed that the opposite door handle that was replaced earlier is also from the improved design. The price was reasonable as usual with Tesla repairs. At first he wanted a credit card. When I told him that I don’t have one, it was no problem at all. He sent me an invoice to my eMail address, and I paid the same day. So, in conclusion the experience for having the door handle fixed was really really great, after the difficulties with getting an appointment were ironed out.

Technical inspection with the Tesla

Cars have to go to the technical inspection every second year in Switzerland. New ones are exempt from this for the first five years. Now that my Model S is closing in on becoming six years old next month, I got the invitation to bring it in for inspection. Usually with my old ICE cars, I would visit the mechanic beforehand to bring everything in order and to wash the engine. The Tesla has no dirty engine to wash, and was in service last July. So I completely skipped the preparation part.
As usual, the expert performed a short test drive with hard braking. Then followed the indoor inspection. Testing brakes, suspension and lights was as usual. But that was it already. He admitted that he didn’t have much training for Teslas. His manual seemed to indicate that the parking brake was mechanical, while I am convinced it is electronically activated. So he tried to spot the cable. But we were unable to figure out which way it was, because everything is so well hidden behind covers. He said that the lower part of the car looked like from formula one, and wanted to know what material the shield of the battery was made of. He did not have a single complaint, and was done in less than 15 minutes. Wow, I never had a car before that was through the inspection so quickly.

So now is a good time to do some recap. I had the car now for three months short of three years. During this time, I did the following to it:
* Added 95’000 km to the odometer (essentially doubled it)
* Charged 19’208 kWh
* Paid CHF 2’082.5 for electricity
* Paid CHF 63.5 for parking that was only necessary for charging
* Bought three sets of new tires, that I paid all with Bitcoin

Here is some statistic about where I charge:

* 65% at home (typ2 16kWh)
* 15% superchargers
* 13% typ2 22kWh. Probably the lion’s share of this is the public charger near my in-law’s place, but it also includes Tesla destination chargers and most public chargers in general.
* 2% Chademo (50 kW) and CCS (150 kW)

Given that only 2% was Chademo and CCS together it seems silly that I bought both adapters that cost together close to CHF 1’000. But it was mainly about peace of mind, being sure I can charge everywhere. During holiday trips each one of them proved invaluable. Even if I have an insurance that covers the cost for towing, it would be very inconvenient to get stranded, especially far away from home.

I had a couple of repairs:
* Two xenon headlight bulbs replaced
* One 12V battery replaced
* One door handle replaced with newer version (known problem with the cable to the micro switches in the first revision)
* Tire pressure monitor system replaced with newer version.
* Front brake disks and pads replaced. Was damaged from under usage due to recuperation.
* One electric motor replaced under warranty. It worked still fine, but it was not completely silent any more.
* Replaced all lug nuts, because somebody damaged them using a wrong tool when changing tires.

In total, I paid something more than CHF 4’000 for all the repairs.

Driving around the Adriatic Sea

This year’s summer holiday we spent in Corfu, Greece. At first we talked about Croatia, when somebody came up with the idea to go farther south to Greece.
Let’s begin with the important facts. This time not as accurate as for the trip to Norway, since I deactivated app access a while ago, which allowed me to automatically collect all the data in the past.
* Duration: 13 days
* Distance covered: 4’100 km
* Electricity charged: 850 kWh
* Waiting time for charges: 3 hours
* Cost for charges: EUR 34 + tips
Our route on a map
All hotels except the holiday house on Corfu booked with CheapAir and paid with Bitcoin
Like the last few years, a key criterion was that we didn’t want to spew big amounts of CO2 and accompanying toxic gases into the atmosphere. Thus we went again with our electric car. On the way to Corfu I drove the Balkan route. To make the trip home shorter, we took a ferry to Italy. Not only are the roads better in Italy, but also the charging infrastructure is more developed.
It was going to be the first time for us leaving the comfort of the Superchargers. There are some stations planned for the lower Balkan, but no dates are provided yet.
As you can see when comparing the above numbers to the trip to Norway, this time we had some waiting times for charging the car. It had a couple of reasons as you will see when reading through. In general, when I write about a short stop at a Supercharger, that is for coffee or ice cream and toilet. A longer stop at a Supercharger usually means lunch or dinner. These types of breaks don’t count towards the “waiting time for charges” as there is no waiting involved. With waiting times I mean times that were not necessary if it was not for charging. Not all of the waiting was strictly necessary to reach the next destination. But in countries without established charging infrastructure, I always wanted to have some reserve in the battery. You never know if the next planned charge really works out. This is in stark contrast to the normal use of Superchargers, which always work reliably in my experience. With everything else, there is always some risk involved. Thus on our trip I always had a plan B and a plan C.
I love electric road trips, but unfortunately not everybody in the family does. The compromise was to spend a full week stationary in a holiday house on Corfu island. The road trip through the Balkan was a mere means to get there. My wife wanted to have all the hotels on the way booked in advance. The one time we had difficulty finding accommodation in Norway was too stressful for her.

day 1: Driving to Croatia

We started very early in the morning, hoping to reach our destination in the early afternoon. We made it around Milano before the morning rush hour, and our first stop was at the Supercharger in Brescia. We were so early, the shopping mall next to it was still closed. Thus our plan of having breakfast there didn’t play out. So we had some breakfast from our food reserves in the Tesla lounge. We made a short (coffee and toilet) stop at the Supercharger next to Venice. The next stop was already at the Supercharger in Slovenia. Again, our plan of having lunch there didn’t play out, because there was no restaurant nearby, only a gas station shop. So, we drove to a restaurant with a destination charger that was close to our route. It turned out to be a very nice restaurant. The food was delicious, and the view over the sea marvelous. Now the battery had more than enough energy to reach the Plitvice Holiday Resort. We didn’t know that for the tiny strip of highway in Slovenia we were supposed to buy a vignette. And promptly two policemen imposed a EUR 150 fine on us. Yes, the Swiss police also hands out fines to tourists who drive on the highway without a vignette, but the signs are hard to miss upon entering Switzerland. While we didn’t see anything when entering Slovenia. Avoiding the highway would probably not even have been a time penalty, if I knew about this. On the way to Grabovac, the navigation system took us through single lane back country roads. Once even on a dirt road which turned out to be an error. I booked a tree house for the night, and it was the absolute highlight for our boys. The resort has a pictogram for E.V. charging on the website, and when I asked, they told me that I don’t have to reserve a charging spot, and that it will be all fine. When we arrived, I realized that there was no special infrastructure for charging cars, instead I could connect to one of the power outlets, that are all over the camp ground.
Because the fuse constantly blew, I had to dial down all the way to 7Amp (1.6kW).

day 2: Plitvice lakes

We spent all morning in the tree house and the resort. It was a dream come true for the boys. At the bottom of the tree house there was a trampoline atop of a small artificial river. The river ended in a small artificial lake that was surrounded by nice bungalows. In the afternoon, we visited the Plitvice Lakes. It is one of UNESCO’s oldest national parks. The 16 lakes and numerous waterfalls are a must see! In the evening we drove to Zadar. I didn’t care to book an accommodation with charging, because the next Supercharger is so close. We visited the old town where the car charged on a free station while we had dinner.

day 3: Dubrovnik and driving to Montenegro

We made short stops at all the Superchargers we crossed: Zadar, Split and Gravorac. Then we topped up the Battery in the parking, while visiting the old town of Dubrovnik. We knew it must look cool, if they filmed part of “Game of Thrones” there. But it was almost like Venice, just without canals. After leaving Croatia, we drove through most of Montenegro while it was already dark. But at least we got to see some of its beauty in daylight and during dawn. Next time, I would plan more time for Montenegro. I didn’t know the country, and my wife was worried about the cleanliness, so I booked a better hotel than we would usually choose. The prices are generally cheaper in Montenegro, thus we got a gigantic suite with two bedrooms, two bathrooms and a big kitchen/living room in a spa hotel for the same price as we got a simple room or apartment in other places. After the last Supercharger was in Croatia, it was important that we can charge the car full over the night. Thus I booked only after making sure to get three phase power. The owner was very well prepared and helpful. I am also thankful to Benedikt who sent me an old Yugoslavian plug which is still common in Montenegro.

day 4: Driving through Albania

Before leaving Ulcinj, the boys took a swim in the hotel pool. Albania was the country that part of our family didn’t look forward to. It is really different to the other countries we visited. It has nice places, but you also see a lot of dirt and garbage lying around everywhere. Especially the suburbs of Tirana looked grim. This was close to the industrial area where we visited the Volkswagen importer which has a CCS charging station. My car got the CCS retrofit only weeks before our trip. CCS is normally used for high power fast charging of up to 150kW and potentially more in the future. So I was a little bit disappointed when I found out that this CCS station only delivers 22kW. At least the employees were very friendly and helpful. Unfortunately there was no good restaurant nearby, so we had our lunch again from our food reserves. Albania has highways that are free to use. But they are different from what we are used to. Every ten minutes or so, there is a crossing where it narrows to one lane and the speed is limited to 40km/h. And every time you slow down in concert with 10 other cars, there is one asshole who crosses all the double markings on the road and passes everyone else with 150km/h, risking fatalities if another car crossed the road. This sort of extreme reckless driving was present everywhere in Albania. I had to brake very hard multiple times to prevent frontal crashes on curvy roads where some idiot drove on the wrong lane in front of a curve with zero visibility. This really tainted my image of Albanians even though the people I had direct contact with were really nice and friendly.
When I missed a fork, because the road looked like a dirt road and I thought there must be a better road ahead, we came to a nice beach and took a short break. After that, the navigation system told me to continue along the dirt road to the other end of the beach. To my astonishment, the road leading up to the main road was not paved, and in a very bad condition. I put the air suspension to “very high”, but still had to be very careful not to scratch the bottom of the car at the rocks. This was really at the border of what I want to put my car through. But after you drove a bad road for a while and think that it has to improve any moment, it is hard to turn around and go back.
We arrived at the Palazzine Hotel in Vlore in the late afternoon. Vlore is by far the nicest place in Albania that we saw. It has a long beach full of hotels and restaurants. It is relatively clean, not as clean as in western Europe, but cleaner than the rest of the country. For about the same price we got a nice suite again. Despite the reassurances when booking and a week before the trip, the receptionist didn’t know anything about car charging. But she called a house keeper and a cook. They were extremely helpful, and didn’t stop searching until they found a suitable three phase plug in the upper kitchen. With my 10 meter extension cord it was just enough to reach the charging port of the car. The hotel has a beautiful terrace about 20 meters above the sea. From there we witnessed a scenic sunset while having a delicious and surprisingly cheap dinner.

day 5: Reaching Corfu

Shortly after leaving Vlore, we drove up a mountain pass road. On the way up, the forest looked almost like home to us. But the way down on the other side had totally different vegetation. It was a lot drier and steeper, going straight to the sea. There was a paragliding spot, but we didn’t have time. From there we could already see Corfu in the distance. Even if the straight line distance was not a lot, driving the curvy roads along the coast all the way to Igoumenitsa took a long time. Because we didn’t want to wait an hour for the ferry which goes to the south of Corfu, we took the one to the north which left earlier. Only on the boat we realized how much longer this detour would take. Nonetheless we arrived at our holiday house shortly before dawn.

A week in Corfu

We spent a week in Corfu, visiting different beaches, the highest mountain, a castle built for Sissi and the main city. I couldn’t fly my paraglider, because I drove to the wrong town which sounded so similar. But I took some basic lessons for kite surfing. The feel for the wing I gained from paragliding helped a lot. But standing up on the board was not so easy for me. At the premise we had access to a regular household plug for charging the car. Since our trips on the island were usually not that long, the slow charging speed was enough.

Ferry to Brindisi

For the trip back home we took a ferry to Italy. This reduced our travel time considerably. I was told to be one hour before departure at the port, where I would get the real ticket in exchange for the voucher. At the entrance of the harbor, we asked where we would get that ticket, and they sent us back into the city. After some more misinformation, we barely made it onto the ship in time. I took the shortest ferry route because I wanted to produce the least amount of CO2. But we were still disgusted to see the dirty air exiting the exhaust of the ferry boat. My wife didn’t want to sleep on the boat, so we spent an extended afternoon looking at the calm sea, and trying to find food on a boat with only closed restaurants. Arriving in Brindisi, we drove until our hotel near Pescara with a dinner stop at the Cerignola Supercharger.

Back home

Like the first day, the last one of our holiday was a very long one with a lot of driving and traffic jams. We charged at the following Superchargers: Pescara, Fano, Modena, Melide. This time eating while charging worked out again as it usually does. When we approached Altdorf in the middle of the night, we discovered that the Axenstrasse is closed, and we thus had to drive all around Lake Lucerne, adding yet another hour.

Navigation

I was curious about where the car would have internet connectivity, and how far the offline maps of the navigation system would reach. My guess was that connectivity would only be available in countries where Tesla has Superchargers, namely only as far as Croatia. I was almost correct. Luckily for us the car had connectivity also in Greece. In Montenegro and Albania the car had no Internet, leaving us with only the offline maps and without traffic information or music streaming. No big deal, really. If it were not for a little problem we discovered when driving through Montenegro in the dark. As soon as the screen switched to night mode after the sun went down, the offline maps didn’t display any information other than the current route. At least it correctly recalculated the route when I missed a fork. A bit more context would be helpful, though.

Energy consumption vs time saving

There is a construction site at the freeway exit for my work place. Because of that, it takes about ten minutes more to commute. That triggered me to drive along the other side of Lake Zug. It is the shorter route. But since it is a small road that goes through all the villages, it usually takes about ten minutes longer. What is more interesting is the energy consumption.
On the freeway route the car usually consumes between 15 and 23 kWh per daily commute. The actual value depends mainly on temperature and weather conditions. The highest consumption values are with freezing temperatures and snow storms. This results in bad aero-dynamics and high rolling resistance combined with energy used for heating the cabin.
On the alternative route the car only consumed about 11kWh the other day. That was with moderate temperature and a short part of freeway. And this was still with winter tires, which usually lead to higher consumption.
The massive difference is not explained by the shorter distance, but by the slower speed. Hence by driving the shorter route, I could reduce the energy cost per daily commute from an average CHF 2.7 to CHF 1.7 but is this worth enlarging the commute from 2×30 to 2×40 minutes? Not really!
Oh and BTW, the daily commute by train would be CHF 25 and take on the order of 2×50 minutes.

Generating solar electricity at home

After I switched to an electric car, I started to care much more about where the energy we consume comes from. With petrol and diesel you don’t really have that option. We are in a comfortable situation that we have some small hydro electric dams nearby. Thus all the electricity we use at home and for driving around, comes from 100% renewable, local production. When you meet with other E.V. drivers, renewable energy production is always an interesting topic. Lots of these folks have their own solar panels on the roof. Solar is especially interesting as it has no moving parts, and can be employed by private people. It becomes more problematic however if you don’t own a house. We live in a rented apartment, thus we have no option to put our own solar panels on the roof. Not all is lost fortunately. Recently I learned about panels with an integrated micro inverter that can be plugged directly into a regular plug on your balcony. According to Swiss law, up to 600W can be installed by private individuals. They only have to notify their power provider.
So I ordered an ADE Geranium from Energiegenossenschaft that I could pay with Bitcoin. Last week it arrived, and I immediately installed it in our garden. It can feed up to 250W into the plug. I don’t expect to feed a lot of this into the grid. It is more to reduce the standby consumption by refrigerators and computers. 250W is peak anyway and not often reached. In the first week after installation, it only produced 3.5 kWh. So it will likely take 10 years for it to amortize. But it comes with a 25 year warranty.

Charging at a stranger’s house

We spent the last week in an alpine Chalet and had to leave the car in a public parking halfway down the mountain. Upon arrival, the battery was down to 20% SOC. I read that leaving it below 20% or above 80% for extended periods of time was not too healthy. So I asked at a house next to the parking, if I could plug in the car for a while. They seemed friendly and agreed immediately. I told the man that I would need about 40kWh, and asked how much the electricity costs. He said he had no clue and I would have to know.
When I came to pick up the car, I gave him about twice as much as the electricity would cost at the most expensive rate known to me, and about three times as much as I pay at home. That was when he started complaining. He said when he goes to the gas pump with his ICE car, he wouldn’t get a lot of gas for this price. And if he knew that I was going to pay so little, he wouldn’t let me charge. Same for me, if I knew he would be discontent, I would rather drive 20 minutes to the next Supercharger, get free electricity, and still be welcome.
I never paid so much for a charge as I gave him. Usually if the electricity is too expensive at a public charging station, I just drive on to find something reasonable. But I paid him more than I usually would, because I wanted it to be a good experience for him.
I read about mostly good experiences when asking strangers for a plug. But after this incident, I will think twice next time.
What were your experiences with charging at a stranger’s house?

Spending Bitcoin while charging the car

When I go some place new, I always check out what Bitcoin accepting venues there are. I usually try to prioritize shops that accept crypto currency.
When I drive some place far away, I have to charge the car on the way. No big deal, usually I can eat, drink or go to the toilet. All those activities, I prefer not to perform in the car while driving anyway. When I’m done, the battery is charged enough to continue the journey.
But how cool would it be to combine the two. If there was a restaurant that accepts BTC next to a supercharger, I would eat there for sure. Unfortunately finding this information manually is a hassle. That is how the idea was born to write a simple script to correlate charging stations and Bitcoin shops. I did it only quick and dirty. It could be improved a lot, but I’m not sure that is necessary.
You can visit a map with the correlated locations on ZeroNet: Bitcoin shops at car charging stations
If you want to have a look at the script that compiles the list or improve it, you can do so at: bitcoin_supercharger.py

Green Technology Tour

Charles and I are going to participate in the WAVE (world advanced vehicle expedition) along the Grand Tour of Switzerland. This year’s tour will take place from June 8th to 16th and is titled “Green Technology Tour”.
We enter the trophy as Team Bitcoin with a big BTC logo on the frunk.
The tour will have well publicized stops at approx 40 cities. I’m very excited to spread the word about decentralized payments, and that Bitcoin is so much more than speculation…

You can follow our team blog directly on ZeroNet:
zero://wavebtc.bit
or through a proxy:
http://zeronet.ulrichard.ch/wavebtc.bit
https://zero.acelewis.com/#wavebtc.bit
The proxy links may not work every time. The second one randomly redirects to different proxy servers, some of which can be temporarily down, or don’t allow adding new sites. If you get an error, just try again, or better yet install ZeroNet.
In that respect ZeroNet is very similar to Bitcoin itself. Both networks are incredibly reliable and resilient. Unfortunately that doesn’t apply to the connection to the old world: The exchanges for Bitcoin and the proxies for ZeroNet.

General info about the WAVE is at:
wavetrophy.com

Why I deactivated Tesla app access

The official Tesla App is unfortunately not available for Ubuntu Phone. And there is no indication that it will be on my next phone, the Librem5 from Purism. On the bright side, from the computer I can control my car using the VisibleTesla desktop app running inside a Docker container. But the best part about remotely controlling the car is that the API is publicly documented. Bindings are available for most scripting languages. That allows me to control the car from my Ubuntu phone at the command line. It also allows me to run a cron job to preheat the car before I drive to and from work. It also allows me to precisely track how much electricity I charge, and where. It also allowed us to open the doors directly from an Ethereum smart contract at Hack4Climate. And it allowed me to implement a cool live tracking for our summer holiday road trip. The possibilities are endless.

All my scripts authenticate using a token that is said to expire after 90 days. I set up my scripts so that I can enter my password to get a new token. And then the new token is used from there. Usually I enter the password on a maximally secured system, and then copy the file containing the access token to the other systems. That is because I saw in the API documentation, that remote starting the car requires the password explicitly. So if a hacker gained root access to my server or my phone, he could open the doors, but not drive away with my car.
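A check that fits the token handling described above, as an added example that is not the author's script or Tesla's code: before a scheduled job uses a copied token file, it verifies the file's permissions, that no password sits beside the token, and how much of the token's lifetime is left. The JSON field names (`access_token`, `created_at`, `expires_in`), the one-week renewal margin and the sample tokens are assumptions made for this sketch.

```python
import json
import os
import stat
import tempfile
import time

DAY = 24 * 3600
RENEW_MARGIN = 7 * DAY  # hypothetical policy: renew a week before expiry


def write_token_file(path, token):
    """Store the token with mode 0600 from the moment the file exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tighten a pre-existing file
        json.dump(token, fh)


def check_token_file(path, now=None, renew_margin=RENEW_MARGIN):
    """Return (status, problems) for a stored bearer token.

    status is "ok", "renew_soon", "expired" or "unusable";
    problems lists hygiene findings that should be fixed on this host.
    """
    now = time.time() if now is None else now
    problems = []

    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("token file is accessible to group/other; use mode 0600")
    if st.st_uid != os.getuid():
        problems.append("token file is owned by a different user")

    try:
        with open(path, encoding="utf-8") as fh:
            tok = json.load(fh)
        created = int(tok["created_at"])   # assumed field: Unix seconds
        lifetime = int(tok["expires_in"])  # assumed field: seconds
        if not tok["access_token"]:
            raise ValueError("empty access_token")
    except (ValueError, KeyError, TypeError) as exc:
        problems.append(f"token file is malformed: {exc!r}")
        return "unusable", problems

    # Hosts that only hold the token must never hold the password too,
    # otherwise the separation between the two credentials is lost.
    if "password" in tok:
        problems.append("password stored next to the token; remove it")

    remaining = created + lifetime - now
    if remaining <= 0:
        return "expired", problems
    if remaining <= renew_margin:
        return "renew_soon", problems
    return "ok", problems


def demo():
    """Run the check over constructed sample tokens with a fixed clock."""
    now = 1_700_000_000

    def sample(age_days, **extra):
        return {"access_token": "CONSTRUCTED-SAMPLE-TOKEN",
                "created_at": now - age_days * DAY,
                "expires_in": 90 * DAY, **extra}

    cases = {
        "fresh": sample(10),
        "aging": sample(85),
        "expired": sample(91),
        "with_password": sample(10, password="constructed"),
        "broken": ["not", "a", "token"],
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, token in cases.items():
            path = os.path.join(d, name + ".json")
            write_token_file(path, token)
            results[name] = check_token_file(path, now=now)
        loose = os.path.join(d, "loose.json")
        write_token_file(loose, sample(10))
        os.chmod(loose, 0o644)  # simulate a file copied with lax permissions
        results["loose"] = check_token_file(loose, now=now)
    return results


if __name__ == "__main__":
    for name, (status, problems) in demo().items():
        print(f"{name:14} {status:11} {problems}")
```

A scheduled job should continue only on "ok" or "renew_soon" and otherwise stop and alert rather than retry.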

When I first discovered that the Tesla account is secured only with a password, I was bewildered. I mean, this account is essentially a virtual key to my car. Everything that secures something with a value above a few hundred bucks has used two factor authentication for many years. Having been in the Bitcoin space for some time, cyber security is very important to me. I refuse to use software based 2FA, instead I insist on hardware solutions. I have used a USB dongle with a secure element to manage my GPG keys for a long time. I use FIDO U2F wherever I can. Most of my cryptocurrency holdings are secured by multiple hardware wallets. I switched my bank, because the former used text messages as second factor. And now, I find out that the most expensive thing that I bought in my entire life is secured with only one factor. Wow! That was shocker No 1! So I picked a very long and hard to guess password. I didn’t store it anywhere. I am very cautious on which devices I even type it. But still I was uneasy about it all along.

Last week some of my scripts started reporting errors. As expected, an access token had expired. But I failed to get a new one by entering the password. So I tried logging in on the Tesla website. What I got to see was a message that my account was blocked due to too many invalid login attempts. There was a button to reset the password. The result of that reset request was an eMail in my inbox with a link to a web form, where I can enter a new password. Hey, but wait a second. That eMail was NOT encrypted! Even if the link is only valid for a few minutes, everybody who sees it could take over my Tesla account, and steal my car. Seriously? That was shocker No 2!!! If a hacker gained access to my eMail account, he could even delete the mail, and I would have no idea what’s going on.

I have regarded unencrypted eMails as an insecure means of communication for many years. And I thought that was common sense. For increased security, I run my own mail server. But my ISP added all the dynamic IP addresses to a spam list, and wants me to pay for an expensive business account in order to have eMail work well. Hence I use an externally hosted eMail address most of the time, also for my Tesla account. So I wanted to quickly verify the security of that mail account. And while I’m at it, change the password to a more secure one. But the first surprise came in the form of the customer login to the management system. It was HTTP only. No way to enter the password without running the risk of it being eavesdropped on. Seriously? That was shocker No 3!!!

Sure, it’s easy to blame my eMail provider, or me for selecting it. In reality it used to be hosted with another company that was later acquired. That just highlights the fact that it is outside of your control. Email is not secure, and should not be used to transmit sensitive information, unless it’s encrypted – Period! I read about hacked eMail accounts and account takeovers every week. Lots of websites require some security questions in order to unlock an account. That’s better than nothing, if there is not a lot at stake. But if an account controls anything of value, solid two factor authentication is a must. Even if the mail account offers FIDO U2F, I wouldn’t trust it with my car. For example Gmail offers U2F. But guess what happens when you log in with a browser that has no support for it. Yes right, convenience gets priority over security.

Account Recovery Exploitation is a known problem. Let me quote a paragraph from an article by Yubico: 5 Surprisingly Easy Ways Your Online Account Credentials Can Be Stolen

Due to the large scale of users for many services and the general desire to keep support costs low everywhere, account recovery flows can be much weaker than the primary authentication channel. For example, it’s common for companies deploying strong two-factor authentication (2FA) solutions as their primary method to leave SMS as a backup. Alternatively, companies may simply allow help desk personnel to reset credentials or set temporary bypass codes with just a phone call and little to no identity verification requirements.
Services implementing 2FA need to strengthen both the primary and the recovery login flow so that users aren’t compromised by the weaker path.

Unfortunately, both the primary and the recovery login flow of the Tesla account are incredibly weak. As much as I love the cool and convenient features from remotely controlling my car, I disabled app access in the settings screen of the car. I would like to re-enable it very much. But only once I can trust the security of it again.

I read many times how important security is for Tesla. And how fast they respond to fix vulnerabilities. But then I found numerous reports of people complaining about the very same problems from FOUR years ago: 1 2 3. Sure, security means different things to different people. I’m grateful to the engineers who make sure, I don’t get killed in the car. But I also don’t want my car to get stolen or broken into so easily. When discussing this topic on a forum, one guy stated he doesn’t want to carry a secure hardware device the size of a key, and that he doesn’t care if his car is stolen. He has insurance. I have insurance too, but still don’t want to go through that experience.

Now, if you read this far and have a Twitter account, may I ask you to visit https://www.dongleauth.info/#iot, and click the button next to Tesla?

The mother of all hackathons

I just returned from #hack4climate. Even if it was just my third hackathon, I can state with certainty that this one was unlike any other. None of the 100 hackers from 33 countries experienced anything remotely comparable before.

The topic of the event was to develop solutions for how blockchain technology can help fight climate change.

First let me explore how the event differed from other hackathons. The hacking session was 24 hours, but the whole event lasted four full days. There were pre-workshops around the world. 100 participants were selected and invited to Bonn. Travel expenses were covered. We stayed on a five star hotel ship. It was adjacent to the UN climate conference. We had balcony suites on the ship. The food was appropriate for a 5 star ship, complete with wine to every dinner. The days before and after the hacking session were filled with interesting talks, a guided city tour, interesting discussions and lots of networking. There were so many interesting people and so much to talk about. On the last day they wanted to take a photo of us on the boat in front of the UN building. Drones were forbidden in the security zone, so the photographer rented a crane to get the perfect shot.

I knew nobody from the event in advance. But I knew that out of the sub topics, I was most interested in “sustainable transportation”. At the team building session, I headed straight to the guy with the most interesting pitch that contained something about cars. Our team was formed soon after, and I had a good feeling from the start. Two were from Singapore who already knew each other. Two were from India, one living in San Francisco and the other in China. And one was also from Switzerland, but we didn’t know each other before.

When the hack session started on Tuesday at noon, we shaped our rough ideas into a project that we could realize in the short amount of time. Then everybody stated what he would like to do. It all seemed to fit together wonderfully. I wanted to implement the smart contract. I didn’t have much experience in that area, and was grateful that the others could help me and answer my questions. Rather than drawing large diagrams, we collaborated on the interfaces, and then worked towards these. We didn’t hit major roadblocks or problems, everything seemed to flow in place. Most of us agreed that we are not productive after 2AM and that it is better to get some hours of sleep. In the morning we went out to shoot a video of our product in action. The guys from SBB (who was a sponsor of the event) were around us most of the time. They helped where they could, and were generally very interested and engaged. We had many great discussions with them.

Our project was about end to end transportation. On the mobile app, you select a destination, and it identifies legs to use different means of transportation. We focused on car sharing, but other options include trains, bikes or buses. Our smart contract abstracts a car that can be rented over the Ethereum blockchain. The owner of the car registers it by creating an instance of the smart contract. A person who wants to rent it can do so by sending ether. The required amount is determined by the price per km the owner wants, times the number of km the renter wants. If he doesn’t use up the credit, the rest is reimbursed at the end of the trip. But if he drives too far, the car’s performance is degraded by the smart contract. The car was represented by a Raspberry Pi running an Ethereum node and our backend running on Node.js. Initially opening the car was indicated by an LED attached to the RPI. But to make it more realistic, the RPI then called the Tesla API to open a real car. At the end of the trip the RPI collected information about the car such as odometer and battery level as well as firmware version, stored it on the IPFS and registered the IPFS address with the smart contract to form an unfalsifiable audit trail. Last but not least, one of our team members used data from moving cars and turned it into an appealing 3D animation that highlights the hot spots in a city.
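The rental accounting described above, modelled in plain JavaScript as an added example. It is not the team's smart contract, and the class, method and party names are hypothetical. Amounts are in wei and odometer readings in km.

```javascript
// Added example: model of the rent / degrade / refund logic, not the real contract.
class CarRental {
  constructor(owner, carNode, pricePerKmWei) {
    this.owner = owner;              // receives the fare
    this.carNode = carNode;          // only the in-car node may report trip data
    this.price = BigInt(pricePerKmWei);
    this.trip = null;                // one rental at a time
    this.audit = [];                 // append-only list of IPFS addresses
  }

  // The renter pre-pays exactly price * km; anything else is rejected,
  // the way a contract call would revert.
  rent(renter, valueWei, km, startOdometerKm) {
    if (this.trip) throw new Error('car already rented');
    if (!Number.isInteger(km) || km <= 0) throw new Error('bad distance');
    if (BigInt(valueWei) !== this.price * BigInt(km)) throw new Error('wrong payment');
    this.trip = { renter, paidKm: km, deposit: BigInt(valueWei), start: startOdometerKm };
  }

  // Polled by the car while driving: degrade once the paid distance is used up.
  status(sender, odometerKm) {
    this.requireCar(sender);
    return odometerKm - this.trip.start > this.trip.paidKm ? 'degraded' : 'normal';
  }

  // Settle the trip: pay the owner, refund unused credit, record the audit address.
  endTrip(sender, odometerKm, ipfsAddress) {
    this.requireCar(sender);
    const t = this.trip;
    if (odometerKm < t.start) throw new Error('odometer went backwards');
    // Started kilometres are billed in full, but never more than the deposit covers.
    const billedKm = Math.min(Math.ceil(odometerKm - t.start), t.paidKm);
    const fare = this.price * BigInt(billedKm);
    const refund = t.deposit - fare;
    this.audit.push(ipfsAddress);
    this.trip = null;
    return { billedKm, payouts: { [this.owner]: fare, [t.renter]: refund } };
  }

  requireCar(sender) {
    if (!this.trip) throw new Error('no active trip');
    if (sender !== this.carNode) throw new Error('only the car node may report');
  }
}
```

The sender check matters because the refund is computed from the reported odometer value: whoever can report it decides how the deposit is split.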

We were thrilled all along, even more after all the positive reactions to our presentation. And hooray, we made it into the finalists! That meant, we could present our project at the COP. That’s the fair for NGOs which is attached to the UN climate conference. The team that won the hackathon, did so deservedly. Their project was about incentivizing land owners not to cut their trees. They used blockchain and game theory for the monetary part. In addition they trained a neural network to predict areas which are most endangered by deforestation, and need special attention.

A first official video appeared here, and I’m sure others will follow on the official website.

Update Dec 16 2017

The official after movie of #hack4climate was released:
https://youtu.be/UOANny6i0QM